🌍 ENTERPRISE SECURITY, COMPLIANCE & SLA FRAMEWORK

Effective Date: 01/11/2025
Company: Moondria Technologies
1st Floor, Citi Mall, Andheri West, Mumbai – India
Email: contact@moondria.com

This document forms part of the Master Services Agreement (MSA) and applies to all enterprise-level service engagements.


🔐 SECTION 1: ISO-STYLE INFORMATION SECURITY POLICY

Moondria Technologies commits to maintaining an information security management approach aligned with internationally recognized standards such as ISO/IEC 27001 principles.

1.1 Security Objectives

  • Protect confidentiality, integrity, and availability of data
  • Prevent unauthorized access
  • Maintain business continuity
  • Ensure regulatory compliance

1.2 Access Control

  • Role-Based Access Control (RBAC)
  • Least privilege enforcement
  • Multi-factor authentication (where applicable)
  • Secure credential management

1.3 Data Protection

  • Encryption in transit (TLS/HTTPS)
  • Encrypted backups where applicable
  • Secure storage configurations
  • Access logging & monitoring

1.4 Secure Development Lifecycle (SDLC)

  • Secure coding practices
  • Code reviews
  • Vulnerability testing
  • Patch management procedures

📊 SECTION 2: ENTERPRISE SERVICE LEVEL AGREEMENT (SLA)

2.1 Uptime Commitment

For managed hosting environments:

  • 99.5% uptime (Standard Plan)
  • 99.9% uptime (Enterprise Plan)

Measured monthly, excluding:

  • Scheduled maintenance
  • Force majeure events
  • Third-party provider outages

2.2 Incident Response Time

  • Critical Issue: Response within 4 hours
  • High Priority: Response within 8 hours
  • Medium Priority: Response within 24 hours

2.3 Maintenance Windows

Scheduled maintenance will be communicated in advance where possible.


🌍 SECTION 3: GDPR DATA PROCESSING ADDENDUM (DPA)

Where applicable under EU or UK data protection regulations:

3.1 Data Processing Role

  • Client acts as Data Controller
  • Moondria acts as Data Processor

3.2 Processing Scope

Data processed only:

  • For agreed contractual purposes
  • Under documented client instructions

3.3 Data Subject Rights

Moondria will assist client in responding to:

  • Access requests
  • Data correction
  • Erasure requests
  • Data portability

3.4 Cross-Border Transfers

Data transfers outside the EU will use appropriate safeguards.


🛒 SECTION 4: PCI-DSS ANNEX (E-COMMERCE)

For e-commerce systems handling card payments:

4.1 Payment Processing

  • Payment data handled via secure third-party gateways
  • No raw card data stored on unsecured systems

4.2 Secure Checkout Implementation

  • SSL encryption mandatory
  • Secure API integration
  • Tokenization where supported

4.3 Merchant Responsibility

Client is responsible for maintaining PCI compliance at merchant level.


🧠 SECTION 5: AI RISK & COMPLIANCE ANNEX

For AI-integrated systems:

5.1 Responsible AI Principles

  • Transparency
  • Fairness
  • Accountability
  • Security

5.2 Risk Mitigation

  • Human oversight mechanisms
  • Bias evaluation procedures
  • Data quality validation
  • Secure AI model deployment

5.3 Client Responsibilities

Client must ensure lawful data usage for AI training and deployment.


⚖ LIMITATION OF LIABILITY

Moondria Technologies’ total liability under this framework shall not exceed the total contract value paid under the governing agreement.

Moondria is not responsible for:

  • Third-party infrastructure failures
  • Regulatory non-compliance outside agreed scope
  • Client misconfiguration or negligence

🌙 ENTERPRISE COMMITMENT

Moondria Technologies integrates security, compliance, uptime reliability, and responsible AI governance into every enterprise system we design.

This framework ensures secure, scalable, and globally compliant digital infrastructure.
